Sign-up

ID

VAR-201906-1027


CVE

CVE-2019-10989


TITLE

WebAccess/SCADA Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005814

DESCRIPTION

In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. WebAccess/SCADA Contains a buffer error vulnerability. This vulnerability CVE-2019-10991 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11372 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable

Trust: 3.96

sources: NVD: CVE-2019-10989 // JVNDB: JVNDB-2019-005814 // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // BID: 108923 // IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // VULHUB: VHN-142590

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // CNVD: CNVD-2019-32464

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.5

Trust: 1.8

vendor:advantechmodel:webaccessscope: - version: -

Trust: 1.4

vendor:advantechmodel:webaccess/scadascope:lteversion:<=8.3.5

Trust: 0.6

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.5

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.4

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:8.0

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccess/scadascope:neversion:8.4.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // BID: 108923 // JVNDB: JVNDB-2019-005814 // NVD: CVE-2019-10989

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-10989
value: CRITICAL

Trust: 1.4

nvd@nist.gov: CVE-2019-10989
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-10989
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-32464
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-1078
value: CRITICAL

Trust: 0.6

IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc
value: CRITICAL

Trust: 0.2

VULHUB: VHN-142590
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-10989
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-32464
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142590
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-10989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // ZDI: ZDI-19-591 // ZDI: ZDI-19-590 // CNVD: CNVD-2019-32464 // VULHUB: VHN-142590 // JVNDB: JVNDB-2019-005814 // CNNVD: CNNVD-201906-1078 // NVD: CVE-2019-10989

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-142590 // JVNDB: JVNDB-2019-005814 // NVD: CVE-2019-10989

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-1078

TYPE

Buffer error

Trust: 0.8

sources: IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // CNNVD: CNNVD-201906-1078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005814

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 1.4
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32464)url:https://www.cnvd.org.cn/patchInfo/show/181497
Trust: 0.6
title:Advantech WebAccess/SCADA Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94181
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-591 // 
            
            
            
            ZDI: ZDI-19-590 // 
            
            
            
            CNVD: CNVD-2019-32464 // 
            
            
            
            JVNDB: JVNDB-2019-005814 // 
            
            
            
            CNNVD: CNNVD-201906-1078

EXTERNAL IDS
db:NVDid:CVE-2019-10989
Trust: 5.0
db:ICS CERTid:ICSA-19-178-05
Trust: 2.8
db:ZDIid:ZDI-19-591
Trust: 2.4
db:ZDIid:ZDI-19-590
Trust: 2.4
db:BIDid:108923
Trust: 1.5
db:CNNVDid:CNNVD-201906-1078
Trust: 0.9
db:CNVDid:CNVD-2019-32464
Trust: 0.8
db:JVNDBid:JVNDB-2019-005814
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-8068
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-8067
Trust: 0.7
db:AUSCERTid:ESB-2019.2350
Trust: 0.6
db:IVDid:A3A80884-2713-49F5-A1E2-0B387C0701CC
Trust: 0.2
db:VULHUBid:VHN-142590
Trust: 0.1
sources:
            
            
            IVD: a3a80884-2713-49f5-a1e2-0b387c0701cc // 
            
            
            
            ZDI: ZDI-19-591 // 
            
            
            
            ZDI: ZDI-19-590 // 
            
            
            
            CNVD: CNVD-2019-32464 // 
            
            
            
            VULHUB: VHN-142590 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005814 // 
            
            
            
            CNNVD: CNNVD-201906-1078 // 
            
            
            
            NVD: CVE-2019-10989

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-178-05
Trust: 4.2
url:https://www.zerodayinitiative.com/advisories/zdi-19-591/
Trust: 2.3
url:https://www.zerodayinitiative.com/advisories/zdi-19-590/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10989
Trust: 1.4
url:http://www.securityfocus.com/bid/108923
Trust: 1.2
url:http://webaccess.advantech.com
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10989
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.2350/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-19-591 // 
            
            
            
            ZDI: ZDI-19-590 // 
            
            
            
            CNVD: CNVD-2019-32464 // 
            
            
            
            VULHUB: VHN-142590 // 
            
            
            
            BID: 108923 // 
            
            
            
            JVNDB: JVNDB-2019-005814 // 
            
            
            
            CNNVD: CNNVD-201906-1078 // 
            
            
            
            NVD: CVE-2019-10989

CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 1.4
sources:
            
            
            ZDI: ZDI-19-591 // 
            
            
            
            ZDI: ZDI-19-590

SOURCES
db:IVDid:a3a80884-2713-49f5-a1e2-0b387c0701cc
db:ZDIid:ZDI-19-591
db:ZDIid:ZDI-19-590
db:CNVDid:CNVD-2019-32464
db:VULHUBid:VHN-142590
db:BIDid:108923
db:JVNDBid:JVNDB-2019-005814
db:CNNVDid:CNNVD-201906-1078
db:NVDid:CVE-2019-10989

LAST UPDATE DATE
2024-08-14T14:12:21.331000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-19-591date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-590date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32464date:2019-09-21T00:00:00
db:VULHUBid:VHN-142590date:2023-03-02T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005814date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1078date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10989date:2023-03-02T15:58:46.100

SOURCES RELEASE DATE
db:IVDid:a3a80884-2713-49f5-a1e2-0b387c0701ccdate:2019-09-21T00:00:00
db:ZDIid:ZDI-19-591date:2019-07-02T00:00:00
db:ZDIid:ZDI-19-590date:2019-07-02T00:00:00
db:CNVDid:CNVD-2019-32464date:2019-09-21T00:00:00
db:VULHUBid:VHN-142590date:2019-06-28T00:00:00
db:BIDid:108923date:2019-06-27T00:00:00
db:JVNDBid:JVNDB-2019-005814date:2019-07-02T00:00:00
db:CNNVDid:CNNVD-201906-1078date:2019-06-27T00:00:00
db:NVDid:CVE-2019-10989date:2019-06-28T21:15:11.243